Cyber-attack probe inconclusive

The Metropolitan Police Department has decided to end its investigation of a cyber-attack against Mitsubishi Heavy Industries Ltd., Japan’s biggest defense contractor, before the three-year statute of limitations expires.

This shows how difficult it is to investigate crimes committed in cyberspace. It must be kept in mind that any company or organization throughout the nation can be the target of a cyber attack and that precautionary measures should be taken.

In the attack on MHI, 45 servers and 38 personal computers at its Tokyo headquarters and at 10 other sites for manufacturing and research and development were infected with eight kinds of viruses. The viruses connected the Mitsubishi servers and computers to servers overseas for the purpose of hacking information. MHI says there were no leaks of protected information.

The first round of the attack took place Dec. 30, 2010. An email appearing in the form of a New Year’s greeting from a customer reached an employee. When the email attachment was opened, the computer was infected with a virus.

Malicious programs to find information related to MHI’s computers and networks in order to remotely control them were discovered later. Although parts of the programs were written in Chinese, the police could not confirm connections with China. These findings indicate that the attack was a typical case of emails with embedded viruses targeting corporate addresses.

In 2011, IHI Corp. and Kawasaki Heavy Industries Ltd. were also attacked by email viruses. In 2012, MHI’s computers used for development of space technologies were infected by a new type of virus. The Japan Aerospace Exploration Agency, the Upper and Lower houses of the Diet, the Foreign Ministry and nuclear power-related companies also suffered cyber-attacks. But it is not known who was responsible for these attacks.

The National Police Agency recognized 201 cases of attacks by email viruses in the first six months of 2013, a big decrease from the corresponding period of 2012. But the methods have become more sophisticated. In 33 cases, email viruses were sent only after several emails were sent masquerading as normal business communication — up from two such cases in all of 2012.

It is critical for companies and other organizations to immediately consult with experts if suspicious emails or activity are detected in their computer systems. It is also important to keep communication logs in case of cyber-attacks in order to aid subsequent investigations. Government organizations and businesses also should build networks to share information on cyber-attacks in an effort to be better prepared.